postfix-users October 2010 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: Re: Upgrade from 2.4.5 to 2.7.1 and MS Outlook cl

Re: Upgrade from 2.4.5 to 2.7.1 and MS Outlook clients

From: Victor Duchovni <Victor.Duchovni_at_nospam>
Date: Wed Oct 27 2010 - 17:52:29 GMT
To: postfix-users@postfix.org

On Wed, Oct 27, 2010 at 07:20:52PM +0200, Laurent CARON wrote:

> On Wed, Oct 27, 2010 at 01:15:13PM -0400, Victor Duchovni wrote:
> > If the configuration was the same with 2.4.5, it did not appear after
> > the upgrade, rather you were testing/looking harder, and the mix
> > of clients or client software versions may have also changed since
> > you last looked closely. The on-the-wire behaviour of ask_ccert
> > has not changed, and Postfix 2.4 fully supports this feature.
>
> The config is exactly the same and didn't change.
>
> The clients didn't change their config either.
>
> Previous version was a debian package (postfix 2.4.5-4~bpo40+1).
> Maybe a debian customization or patch has something to do with it.
>
> Will do some more tests ASAP.

Did you change OpenSSL versions? The SMTP server's CAfile, extends
the built-in list of CA's used by OpenSSL, so using a newer OpenSSL
installation, can change the mix of CAs sent by the server in a client
cert request. Client behaviour may depend on wether the CA (DN) list is
empty or not, and perhaps on the specific content or length.

-- Viktor.